--[[ $%BEGINLICENSE%$
 Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License as
 published by the Free Software Foundation; version 2 of the
 License.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 02110-1301  USA

 $%ENDLICENSE%$ --]]

local password = assert(require("mysql.password"))
local proto = assert(require("mysql.proto"))

---
-- map usernames to another login
local map_auth = {
    ["replace"] = {
        password = "me",
        new_user = "root",
        new_password = "secret"
    }
}

---
-- show how to use the mysql.password functions
--
function read_auth()
    local c = proxy.connection.client
    local s = proxy.connection.server

    print(("for challenge %q the client sent %q"):format(
        s.scramble_buffer,
        c.scrambled_password
    ))

    -- if we know this user, replace its credentials
    local mapped = map_auth[c.username]
    
    if mapped and
        password.check(
            s.scramble_buffer,
            c.scrambled_password,
            password.hash(password.hash(mapped.password))
        ) then

        proxy.queries:append(1, 
            proto.to_response_packet({
                username = mapped.new_user,
                response = password.scramble(s.scramble_buffer, password.hash(mapped.new_password)),
                charset  = 8, -- default charset
                database = c.default_db,
                max_packet_size = 1 * 1024 * 1024
            })
        )

        return proxy.PROXY_SEND_QUERY
    end
end

